a.find-laboratory.com

REACTIVATION PERIOD

Domain Information

The domain a.find-laboratory.com, registered to REACTIVATION PERIOD, was first registered in February 2015 through ENOM, INC. This domain is currently known to host various forms of malware. Its servers are located in Portland, Oregon, United States, on the Amazon Technologies Inc. network; the domain is served from the Amazon Web Services (AWS) US West (Oregon) region datacenter.
Registrar: ENOM, INC.
Server location: Oregon, United States (US)
Create date: Friday, February 20, 2015
Expires date: Saturday, February 20, 2016
Updated date: Saturday, April 2, 2016
ASN: AS16509 AMAZON-02 - Amazon.com, Inc., US

Scanner detections: Malware distribution (95% detected)

Scan engine | Details | Detections
Reason Heuristics | Threat.Win.Reputation.IMP, PUP.Optional.PCUtilities.Task.Meta (M), PUP.Optional.PCUtilities (M) | 92.31%
Microsoft Security Essentials | Worm:Win32/NeksMiner.A, Threat.Undefined | 10.26%
F-Secure | Application:W32/Generic.70053c248f!Online, Trojan.Agent.BKMB, Trojan.Agent.BKMJ, Variant.Adware.Kazy | 10.26%
avast! | Win32:Evo-gen [Susp], Win32:FakeDownload-G [PUP], Win32:InstalleRex-HL [PUP] | 10.26%
Dr.Web | Trojan.Crossrider1.22656, Trojan.PWS.Qqpass.11207, Trojan.PWS.Qqpass.11195 | 10.26%
Emsisoft Anti-Malware | Trojan.Agent.BKMB, Trojan.Agent.BKMJ, Gen:Variant.Adware.Kazy.659485, Gen:Variant.Razy.5360 | 10.26%
Norman | Trojan.Agent.BKMB, Trojan.Agent.BKMJ, Gen:Variant.Adware.Kazy.659485 | 7.69%
ESET NOD32 | Win32/Adware.MultiPlug.IJ application, Win32/Adware.MultiPlug.MI application | 5.13%
Comodo Security | Application.Win32.AdWare.MultiPlug.VA | 5.13%
Avira AntiVirus | TR/Crypt.XPACK.Gen | 5.13%
AhnLab V3 Security | PUP/Win32.MultiPlug | 5.13%
Fortinet FortiGate | Riskware/Generic.AC.4386 | 5.13%
Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 5.13%
Sophos | PUA 'MultiPlug' (of type Adware) | 5.13%
Malwarebytes | PUP.Optional.MultiPlug.SID.A | 5.13%

The domain a.find-laboratory.com has been seen to resolve to the following 11 IP addresses.

Hostname | Last seen
(hostname not present in source) | February 29, 2016
ec2-52-27-128-62.us-west-2.compute.amazonaws.com | July 16, 2015
ec2-52-27-128-59.us-west-2.compute.amazonaws.com | July 16, 2015
ec2-52-27-128-56.us-west-2.compute.amazonaws.com | July 16, 2015
ec2-52-10-67-234.us-west-2.compute.amazonaws.com | June 30, 2015
ec2-52-26-130-111.us-west-2.compute.amazonaws.com | June 26, 2015
ec2-52-11-167-137.us-west-2.compute.amazonaws.com | June 26, 2015
ec2-52-26-142-209.us-west-2.compute.amazonaws.com | June 26, 2015
ec2-54-69-228-231.us-west-2.compute.amazonaws.com | June 19, 2015
ec2-54-213-72-9.us-west-2.compute.amazonaws.com | June 19, 2015
ec2-54-149-241-47.us-west-2.compute.amazonaws.com | June 19, 2015

File downloads found at URLs served by a.find-laboratory.com.

Latest 30 of 40 download URLs

The following 8 files have been seen to communicate with a.find-laboratory.com in live environments.